<?php 
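// Shared page set-up. header.php is not visible here; it presumably provides
// $db, $table_prefix, the $l_* language strings, the configuration flags, the
// session and the output buffer read at the end of this page -- TODO confirm.
include ('header.php');
include ('show_smilies.php');

// wordfilter() is only loaded when the administrator enabled the filter.
if ($bad_word_filter == 1) {
    include 'word_filter.php';
}

$hide_footer = 1;

// Access control: unless guest searching is enabled, only signed-in users may
// go past this point. empty() also covers a session that never set the key.
if ($guest_search != 1 && empty($_SESSION['signed_in'])) {
    header('location: signin.php');
    // Sending a Location header does not stop the script. Without this exit
    // the form and the search results below are still generated and sent to
    // a client that simply ignores the redirect.
    exit;
}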
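if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // GET request: render the search form.

    // Forum to preselect, taken from ?f=. The parameter is optional, so a
    // missing or non-scalar value simply means "nothing preselected".
    $preselect = (isset($_GET['f']) && is_scalar($_GET['f'])) ? (string) $_GET['f'] : null;

    $result = $db->query("SELECT cat_id, cat_name, cat_description, cat_parent, cat_child FROM ".$table_prefix."categories");

    // Load the sub-forums once and group them by parent id, instead of
    // re-running the same query for every parent category.
    $children = array();
    $result2 = $db->query("SELECT cat_id, cat_name, cat_parent FROM ".$table_prefix."categories WHERE cat_parent >0");
    while ($row2 = $db->fetch_array($result2,'assoc')) {
        $children[$row2['cat_parent']][] = $row2;
    }

    echo '<br/><div align="center"><table style="width:600px;" border="1">
<tr><th width="200"><b>'.$l_search.'</b></th><th></th></tr>
<tr><td align="right" height="32"><form name="myForm" method="post" action="">'.$l_sterm.' &nbsp;</td><td><input maxlength="42" type="text" size="42" name="search_term" /><br /> <b></td></tr><tr><td align="right" height="32">'.$l_forum .'</b>&nbsp;</input></td><td>';

    echo '<select name="topic_cat">';
    echo '<option  value="all">'.$l_all.'</option>';
    while ($row = $db->fetch_array($result,'assoc')) {
        // Only top-level categories start a group; sub-forums are printed
        // underneath their parent.
        if ($row['cat_parent'] != 0) {
            continue;
        }

        // Category names come from the database: encode them for HTML and
        // emit ids as integers so stored markup cannot break out of the
        // <option> element or its value attribute. The charset is PHP's
        // configured default.
        echo '<option  disabled="disabled" value="' . (int) $row['cat_id'] . '">' . htmlspecialchars($row['cat_name'], ENT_QUOTES) . '</option>';

        if (empty($children[$row['cat_id']])) {
            continue;
        }
        foreach ($children[$row['cat_id']] as $row2) {
            $selected = ($preselect !== null && $row2['cat_id'] == $preselect) ? 'selected' : '';
            echo '<option ' . $selected . ' value="'.(int) $row2['cat_id'].'">&nbsp;|- > '.htmlspecialchars($row2['cat_name'], ENT_QUOTES).'</option>';
        }
    }
    echo '</select></td></td>';
    echo '<tr><td align="right" height="32">
'.$l_sin.'&nbsp;</td><td><select name="search_in">
<option  value="Topics">'.$l_stitle.'</option>
<option  value="Posts">'.$l_sposts.'</option>
</select></td></tr>

<tr><td align="right" height="32">
'.$l_suser.'&nbsp;</td><td><input maxlength="42" type="text" size="42" name="user" /></input></td></tr>
<tr><td></td><td><input type="submit" class="inputButton"  value="'.$l_search.'" /></td></tr></table>
</div><br /><br />
';
} else {
    // POST request: validate the term before the search code below runs.
    // A missing or non-string field is treated as an empty term.
    $submittedTerm = (isset($_POST['search_term']) && is_string($_POST['search_term'])) ? $_POST['search_term'] : '';

    if (strlen($submittedTerm) < 3) {
        // Terms shorter than three bytes are rejected; die also skips the
        // title substitution at the end of the page, as before.
        echo "<hr/><br/><div align='center'><span style='color:red'>$l_error_search1 </span><br/><br/><a href = 'search.php'>$l_back_to_prev</a></div><br/><br/>";
        die;
    }

    // The term is request data echoed back into the page, so it is
    // HTML-encoded here; printing it raw reflected any submitted markup.
    echo "<hr/><br/>$l_sused<b> ".htmlspecialchars($submittedTerm, ENT_QUOTES)."</b><br/>";
}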
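if (isset($_POST['search_in'])) {
    // ---- Request values shared by both search modes ----------------------
    // Everything in $_POST is untrusted. Each value is either cast to int or
    // escaped before it reaches SQL, and HTML-encoded before it is echoed.
    // NOTE(review): the mysql_* extension used throughout this file was
    // removed in PHP 7; parameterised queries would be the longer-term fix,
    // but the $db layer's API beyond query()/fetch_array() is not visible here.
    $searchTerms = (isset($_POST['search_term']) && is_string($_POST['search_term'])) ? trim($_POST['search_term']) : '';
    $searchTerms = strip_tags($searchTerms); // remove any html/javascript.
    $searchTermDB = mysql_real_escape_string($searchTerms); // prevent sql injection.
    $searchTermDB = str_replace('iframe','%69%66%72%61%6D%65',$searchTermDB);
    // % and _ in the term still act as LIKE wildcards, as before.

    // strip_tags() is not an output encoder; encode the term for the
    // "no results" message.
    $searchTermsHtml = htmlspecialchars($searchTerms, ENT_QUOTES);

    // Forum filter: the literal "all" or a numeric forum id. The id was
    // previously concatenated into the WHERE clause unescaped and unquoted.
    $forumChoice = (isset($_POST['topic_cat']) && is_scalar($_POST['topic_cat'])) ? (string) $_POST['topic_cat'] : 'all';

    if ($_POST['search_in'] == "Topics") {
        if ($forumChoice == "all") {
            $topic_cat = "topic_cat>0";
        } else {
            $topic_cat = "topic_cat=".(int) $forumChoice;
        }

        // Optional user filter. The name was previously placed between quotes
        // without escaping, which let the value terminate the string literal.
        // NOTE(review): the filter matches topic_last_poster, not topic_by --
        // kept as found; confirm that is the intended column.
        $userName = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
        if ($userName == "") {
            $user = "topic_by>0";
        } else {
            $user = "topic_last_poster='".mysql_real_escape_string($userName)."'";
        }

        $result = $db->query("SELECT * FROM ".$table_prefix."topics WHERE $topic_cat AND LOWER(`topic_subject`) LIKE LOWER('%{$searchTermDB}%') AND $user ORDER BY `topic_date` ASC");

        $matchCount = mysql_num_rows($result);
        if ($matchCount < 1) {
            echo "<hr/><br/><div align='center'><span style='color:red'>$l_sno_result1 <b>{$searchTermsHtml}</b> $l_sno_result2</span><br/><br/><a href = 'search.php'>$l_back_to_prev</a></div><br/><br/>";
        }
        echo "Search found: ".$matchCount." $l_smatches <a href = 'search.php'>$l_search_again</a><br/><br/>";

        while ($row = $db->fetch_array($result,'assoc')) {
            // Look up the topic author; ids are cast so only an integer ever
            // reaches the query or the link.
            $result2 = $db->query("SELECT user_name,user_id FROM ".$table_prefix."users WHERE user_id = ".(int) $row['topic_by']." LIMIT 1");
            $row2 = $db->fetch_array($result2,'assoc');
            $authorId = $row2 ? (int) $row2['user_id'] : '';
            $authorName = $row2 ? htmlspecialchars($row2['user_name'], ENT_QUOTES) : '';

            // Subjects and user names are user-supplied stored data and are
            // encoded on output.
            $text = htmlspecialchars($row['topic_subject'], ENT_QUOTES);

            echo "<table border=1><tr><th><b>
&nbsp;<a href='topic.php?f=".(int) $row['topic_cat']."&t=".(int) $row['topic_id']."'>$text</a>
</b> </th></tr><tr><td height='30'>$l_sauthor <a href = 'user.php?u=$authorId'><b>$authorName</b></a> - ".date($date_format, strtotime($row['topic_date']))."</td></tr></table><br />";
        }
    }

    if ($_POST['search_in'] == "Posts") {
        if ($forumChoice == "all") {
            $topic_cat = "post_cat>0";
        } else {
            $topic_cat = "post_cat=".(int) $forumChoice;
        }

        $result = $db->query("SELECT * FROM ".$table_prefix."posts WHERE $topic_cat AND LOWER(`post_content`) LIKE LOWER('%{$searchTermDB}%') ORDER BY `post_date` ASC");

        $matchCount = mysql_num_rows($result);
        if ($matchCount < 1) {
            echo "<hr/><br/><div align='center'><span style='color:red'>$l_sno_result1 <b>{$searchTermsHtml}</b> $l_sno_result2</span><br/><br/><a href = 'search.php'>$l_back_to_prev</a></div><br/><br/>";
        }
        echo "Search found: ".$matchCount." $l_smatches <a href = 'search.php'>$l_search_again</a><br/><br/>";

        // BAD WORD FILTER: load the list only when the feature is enabled.
        // The result loop used to sit inside this condition, so with the
        // filter switched off the matches were counted but never listed.
        $banned_word_list = '';
        if ($bad_word_filter == 1) {
            $filter = $db->query("SELECT * FROM ".$table_prefix."word_filter");
            $word_filter = $db->fetch_array($filter,'assoc');
            if ($word_filter && $word_filter['bad_words'] != "") {
                $banned_word_list = $word_filter['bad_words'];
            }
        }

        while ($row = $db->fetch_array($result,'assoc')) {
            $result2 = $db->query("SELECT user_name,user_id FROM ".$table_prefix."users WHERE user_id = ".(int) $row['post_by']." LIMIT 1");
            $row2 = $db->fetch_array($result2,'assoc');
            $authorName = $row2 ? htmlspecialchars($row2['user_name'], ENT_QUOTES) : '';

            // Page 0 is shown as page 1.
            $page = ($row['post_page'] == 0) ? 1 : (int) $row['post_page'];

            // Encode the post body for HTML. It used to go through
            // mysql_real_escape_string(), which is SQL escaping and only added
            // backslashes to the displayed text. Quotes are left intact in
            // this text-node context; smilies() presumably matches on raw
            // characters -- TODO confirm against show_smilies.php.
            $text = strip_tags($row['post_content']);
            $text = htmlspecialchars($text, ENT_NOQUOTES);
            $text = smilies($text, 'img/smilies/');

            // wordfilter() only exists when word_filter.php was included.
            if ($bad_word_filter == 1 && $banned_word_list != '') {
                $text = wordfilter($banned_word_list,$text);
            }

            $text = str_replace('iframe','%69%66%72%61%6D%65',$text);
            $text = str_replace('</td>','..',$text);
            $text = str_replace('src =','..',$text);
            // Carriage returns become <br> and line feeds are dropped, matching
            // the previous output. Both the real control characters and the
            // literal backslash sequences the old SQL escaping produced are
            // handled.
            $text = str_replace(array("\r", '\r'),'<br>',$text);
            $text = str_replace(array("\n", '\n'),'',$text);
            //$text = substr($text,0,500);

            $subject = htmlspecialchars($row['post_subject'], ENT_QUOTES);

            echo "<table border=1><tr><th><b>
&nbsp;<a href='topic.php?f=".(int) $row['post_cat']."&t=".(int) $row['post_topic']."&page=$page#".(int) $row['post_id']."'>$subject</a>
</b>$l_sauthor <a href = 'user.php?u=".(int) $row['post_by']."'><b>$authorName</b></a> - ".date($date_format, strtotime($row['post_date']))."</td></tr><tr><td class='postedText'>$text</td></tr></table><br />";
        }
    }
}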
// The footer is appended only when the page has not asked to hide it.
if ($hide_footer <1) {
    include 'footer.php';
}

// Take the buffered page out of the output buffer and discard the buffer.
// The buffer is presumably opened in header.php -- TODO confirm.
$pageContents = ob_get_contents ();
ob_end_clean ();

// Emit the page with the title placeholder filled in. $pageTitle is not
// assigned in this file; it is inserted as-is, so whatever sets it decides
// whether it is safe to print.
$renderedPage = str_replace ('<!--TITLE-->', $pageTitle, $pageContents);
echo $renderedPage;